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Statement  of  Problem  and  Overview 


Since  the  seminal  work  of  Shannon  in  1948,  reliability  and  efficiency  tradeoff  have  been  at  the  heart  of  modern  communication 
theory.  For  random  errors  introduced  in  the  communication  channels,  Shannon’s  information  theory  shows  where  the  tradeoff 
between  reliability  and  efficiency  lies,  and  information  theory  has  inspired  practical  coding  schemes  for  detecting  and  correcting 
such  random  errors. 

What  happens  when  errors  introduced  are  not  random  effects  of  nature  but  results  of  malicious  acts  of  an  adversary?  As 
modern  communications  rely  increasingly  on  networks,  what  if  some  of  the  nodes  are  controlled  by  adversaries?  These 
questions,  unfortunately,  cannot  be  answered  easily  using  classical  information  and  coding  theories  because  actions  of  an 
adversary  cannot  be  captured  by  some  probability  distributions.  More  importantly,  adversaries  can  be  cognitive  and 
opportunistic  as  they  learn  the  communication  and  networking  environments  and  adapt  their  strategies  of  attacks.  Despite  the 
rapid  expansion  of  literature  on  communication  and  network  security,  we  know  very  little  at  the  fundamental  level  how  to 
characterize  the  reliability-efficiency  tradeoff  when  there  are  adversaries  in  the  network,  and  we  lack  provably  effective 
techniques  to  mitigate  malicious  and  covert  actions  inside  the  network. 

If  communication  network  is  vulnerable  to  attacks,  cyber  physical  systems  (CPS)  that  rely  on  communication  networks  for 
sensing,  actuation,  and  control  will  also  vulnerable.  Because  CPS  often  involves  coordinated  decisions  for  real-time  operations, 
adversarial  attacks  on  CPS  carry  significantly  different  objectives  from  gaining  access  to  information;  such  attacks  may  aim  at 
disrupting  critical  mission. 

This  project  addresses  security  issues  of  communication  networks  and,  more  broadly,  cyber  physical  systems  are  subject  to 
internal  or  external  attacks.  The  overall  objective  of  this  research  is  three.  First,  we  develop  a  mathematical  theory  that 
characterizes  limits  of  networking  and  fundamental  tradeoffs  among  networking  performance  (capacity,  throughput,  delay,  etc.), 
measures  of  security  (e.g.,  probability  of  detection),  and  the  power  of  adversaries  (the  number  of  channels  that  adversary  can 
monitor,  the  number  of  adversarial  nodes).  Second,  we  develop  schemes  for  practical  applications,  which  include  new  coding 
techniques  capable  of  countering  arbitrary  adversarial  actions.  Finally,  we  extend  theory  developed  here  to  broader  classes  of 
networks.  In  particular,  we  focus  on  cyber-physical  systems  where  the  aims  of  attack  go  beyond  creating  decoding  error. 

The  key  approach  considered  in  this  research  is  to  develop  the  class  of  structured  nonlinear  codes.  To  this  end,  we  have 
investigated  the  class  of  nonlinear  codes  that  are  built  upon  the  classical  structures  of  MDS  (linear)  codes  with  additional 
anomaly  detection  capabilities.  This  latter  feature  is  crucial  to  discover  adversary  actions  not  at  the  destination  but  at  an  earlier 
stage  of  the  information  flow. 

The  project  has  also  addressed  important  architectural  questions.  In  particular,  we  have  examined  the  applicability  of  various 
“separation  principles”  in  network  design  in  the  presence  of  adversaries  and  identify  scenarios  when  designs  based  on 
separation  principles  are  optimal  and  to  what  degree  suboptimal. 

Beside  communication  networks,  we  have  considered  cyber  physical  systems  under  the  so-called  man-in-the  middle  attack, 
focusing  on  attacks  on  state  estimation,  which  is  the  key  component  of  any  CPS.  The  mathematical  abstract  considered  in  our 
work  arises  from  electric  networks  that  are  monitored  by  sensors.  However,  the  attack  and  countermeasure  schemes 
developed  apply  to  more  general  settings. 


Significance 

The  tactical  networks  for  the  military  must  operate  in  hostile  environments  where  nodes  of  the  network  are  vulnerable  to 
adversary  attacks.  As  operations  increasingly  rely  on  networked  distributed  systems,  the  risk  of  attacks  also  increases.  The 
advent  of  P2P  operations,  cloud  computing,  network  coding,  and  sensor  networks  for  military  tactical  networking  raises  cogent 
needs  of  developing  coding  and  networking  mechanisms  that  provide  reliable  operations  in  the  presence  of  unreliable  and 
possibly  adversarial  participants. 

The  results  obtained  provide  important  insights  into  performance  cost  in  the  presence  of  adversaries.  They  illustrate  how 
mathematical  structures  of  network  coding  and  lossy  compression  schemes.  Of  particular  significance  is  the  implication  on  the 
source-channel  separation  principle,  which  has  been  shown  to  be  optimal  in  a  wide  range  of  scenarios  in  conventional 
networks,  might  not  in  general  be  optimal  when  adversaries  are  present.  This  fact  is  particularly  intriguing  and  indicates  that  the 
fundamental  limits  of  adversarial  networks  might  be  appreciably  different  from  those  of  conventional  networks. 

Summary  of  the  most  important  results 

1. Polytope  Codes  Against  Adversaries  in  Networks 

Network  coding  allows  routers  in  a  network  to  execute  possibly  complex  codes  in  addition  to  routing;  it  has  been  shown  that 
allowing  them  to  do  so  can  increase  communication  rate.  However,  taking  advantage  of  coding  at  internal  nodes  means  that 


sources  and  destinations  must  rely  on  other  nodes — nodes  they^may  not  have  complete  control  over — to  reliably  perform 
certain  functions.  If  these  internal  nodes  do  not  behave  correctly,  or,  worse,  maliciously  attempt  to  subvert  the  goals  of  the 
users — constituting  a  so-called  Byzantine  attack — standard  network  coding  techniques  fail. 

Our  primary  contribution  is  a  class  of  network  codes  to  defeat  adversaries  called  Polytope  Codes.  These  were  originally 
introduced  in  under  the  less  descriptive  term  “bounded-linear  codes”.  Polytope  Codes  are  nonlinear  codes,  and  they  improve 
over  linear  codes  by  allowing  error  detection  inside  the  network.  This  allows  adversaries  to  be  more  easily  identified,  whereby 
the  messages  they  send  can  be  ignored.  We  also  prove  a  cut-set  upper  bound  on  achievable  rates  in  networks  with  node- 
based  adversaries.  This  cut-set  bound  is  a  form  of  the  Singleton  bound,  originally  proved  for  classical  error-correcting  codes. 
We  show  that  for  a  class  of  planar  networks,  Polytope  Codes  can  achieve  the  rate  given  by  this  cut-set  bound,  which  means 
that  they  achieve  the  capacity  for  these  networks.  We  also  show  that  the  cut-set  bound  is  not  always  achievable,  by  giving  an 
example  network  with  a  strictly  smaller  capacity. 

2.  Lossy  Source  Coding  with  Byzantine  Adversaries 

While  the  rapid  growth  of  modern-day  communication  networks  makes  them  increasingly  useful,  it  also  makes  them 
increasingly  difficult  to  protect  against  attacks.  This  is  especially  true  of  those  networks,  such  as  peer-to-peer  systems, in  which 
the  nodes  are  controlled  by  different  entities.  In  the  case  of  peer-to  peer  networks,  malicious  users  could  sabotage  the  file¬ 
sharing  process  by  intentionally  transmitting  a  corrupted  version  of  the  file.  Similar  problems  can  potentially  arise  in  ad-hoc 
networks  and  distributed  storage  systems. 

There  has  been  considerable  work  on  how  to  protect  transmitted  information  against  malicious  users  within  the  context  of 
channel-  and  network-coding,  and  a  number  of  significant  results  are  available.  Yeung  and  Cai  show  that  if  z  unit-capacity 
edges  in  an  acyclic  multicast  network  are  subject  to  random  or  adversarial  errors,  then  the  network  capacity  is  C-2z,  where  C  is 
the  network  capacity  when  all  edges  are  error-free.  Thus  if  an  adversary  controls  z  edges,  it  effectively  removes  2z  edges  from 
the  original  adversary-free  network.  This  is  reminiscent  of  the  Singleton  bound,  and  we  refer  to  it  as  the  “factor-of-2”  rule.  The 
factor-of-2  rule  was  also  shown  to  hold  for  lossless  source  coding:  it  is  well  known  that  if  a  source  X  is  to  be  losslessly 
communicated  via  n  packets,  then  the  sum  rate  of  those  packets  must  be  at  least  the  entry  of  X,  H(X).  Kosut  and  Tong  have 
shown  that  if  t  of  the  n  packets  can  be  altered  in  arbitrary  ways  by  adversaries,  then  every  n-2t  packets  must  have  sum  rate  at 
least  H(X).  Thus  t  traitors  effectively  remove  2t  packets  from  the  original  adversary-free  problem,  i.e.,  the  factor-of-2  rule 
obtains.  In  the  context  of  peer-to-peer  systems,  often  the  ultimate  goal  is  to  communicate  a  file  approximately  rather  than 
reliably.  Codes  and  fundamental  limits  for  this  problem  are  less  well  understood.  One  natural  approach  to  this  problem  is  to 
perform  separate  compression  and  adversarial  error-protection.  That  is,  one  combines  rate-distortion-optimal  lossy 
compression  with  network  codes  that  are  optimal  for  the  adversarial  model  at  hand. 

We  show  that  this  approach  is  optimal  in  some  cases  but  suboptimal  in  general,  even  for  networks  with  one  sender,  one 
receiver,  and  no  intermediate  nodes.  Specifically,  we  consider  the  problem  in  which  a  source  is  compressed  to  form  n  packets, 
any  t  of  which  can  be  altered  in  an  arbitrary  way.  The  decoder  receives  the  n  packets  and,  without  knowing  which  packets  were 
altered,  must  estimate  the  source  to  meet  a  given  distortion  constraint.  We  show  that  separate  compression  and  adversarial 
error  correction  achieve  rate-distortion  performance  governed  by  the  factor-of-2  rule,  and  that  this  is  optimal  for  binary  sources 
with  the  Hamming  distortion  measure  and  Gaussian  sources  with  the  mean  square  error  distortion  measure.  These  two 
optimality  results  hinge  on  a  combinatorial  result  of  Kleitman  on  the  maximum  size  of  subsets  of  Hamming  space  with  a  given 
diameter,  and  the  Brunn-Minkowski  inequality,  respectively.  We  then  show  by  means  of  a  counterexample,  involving  a  binary 
source  with  erasure  distortion,  that  separation  is  not  optimal  in  general.  We  consider  a  3-encoder  problem  with  one  traitor  such 
that  one  encoder  has  rate  R  <  1 ,  while  the  other  two  have  rate  1  and  can  therefore  transmit  the  source  sequence  exactly.  We 
determine  the  optimal  distortion  for  this  problem  as  a  function  of  R  and  show  that  separation  cannot  achieve  it.  We  note  that 
while  source-channel  separation  has  long  been  known  to  fail  in  many  scenarios,  the  reason  that  it  fails  here  seems  to  be 
fundamentally  different  from  the  standard  examples. 

3. Man-in-the-middle  Attacks  on  Cyber  Physical  Systems 

We  consider  the  problem  of  man-in-the-middle  (MiM)  attacks  on  the  state  estimation  of  a  cyber  physical  system  (CPS)  modeled 
by  a  topological  graph  with  linear  algebraic  constraints.  As  a  practical  example,  such  a  model  arises  from  an  electric  power 
system  in  which  the  power  flow  is  governed  by  the  Kirchhoff  law.  When  an  adversary  launches  an  MiM  data  attack,  part  of  the 
sensor  data  are  intercepted  and  substituted  with  malicious  data  in  such  a  way  that  the  state  estimator  yields  possibly  drastically 
wrong  estimates. 

We  show  that  if  an  adversary  has  the  ability  to  adjust  the  measurements  from  enough  meters,  then  no  algorithm  at  the  control 
center  will  ever  be  able  to  detect  that  an  adjustment  has  been  made.  This  can  be  viewed  as  a  fundamental  limit  on  the  ability  of 
the  classical  formulation  of  state  estimation  to  handle  cooperative  attacks.  We  also  show  that  there  is  a  close  relationship 
between  the  attacks  described  in  and  system  observability.  For  this  reason,  we  refer  to  the  attacks  of  as  unobservable  attacks. 
This  relationship  allows  us  to  extend  earlier  topological  results  to  give  an  efficient  algorithm  to  calculate  attacks  of  this  nature 
require  a  small  number  of  adversarial  meters.  Our  algorithm  is  based  on  the  special  structure  of  the  power  system,  and  makes 
use  of  techniques  to  efficiently  minimize  submodular  functions.  Our  algorithms  allow  an  operator  of  a  power  system  to  find  the 
places  in  which  it  is  most  vulnerable  to  these  attacks. 
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We  consider  the  problem  of  MiM  attacks  on  network  topology  ana  state  estimates.  We  characterize  conditions  under  which 
undetectable  attacks  are  possible,  given  a  set  of  vulnerable  meters  that  may  be  controlled  by  an  adversary.  To  this  end,  we 
consider  two  attack  regimes  based  on  the  information  set  available  to  the  attacker.  The  more  information  the  attacker  has,  the 
stronger  its  ability  to  launch  a  sophisticated  attack  that  is  hard  to  detect. 

The  global  information  regime  is  where  the  attacker  can  observe  all  meter  and  network  data  before  altering  the  adversary- 
controlled  part  of  them.  Although  it  is  unlikely  in  practice  that  an  adversary  is  able  to  operate  in  such  a  regime,  in  analyzing  the 
impact  of  attacks,  it  is  typical  to  consider  the  worst  case  by  granting  the  adversary  additional  power.  We  present  a  necessary 
and  sufficient  algebraic  condition  under  which,  given  a  set  of  adversary  controlled  meters,  there  exists  an  undetectable  attack 
that  misleads  the  control  center  with  an  incorrect  “target”  topology.  This  algebraic  condition  provides  not  only  numerical  ways  to 
check  if  the  grid  is  vulnerable  to  undetectable  attacks  but  also  insights  into  which  meters  to  protect  to  defend  against  topology 
attacks.  We  also  provide  specific  constructions  of  attacks  and  show  certain  optimality  of  the  proposed  attacks. 

A  more  practically  significant  situation  is  the  local  information  regime  where  the  attacker  has  only  local  information  from  those 
meters  it  has  gained  control.  We  present  that,  under  certain  conditions,  undetectable  attacks  exist  and  can  be  implemented 
easily  based  on  simple  heuristics.  Second,  we  study  conditions  under  which  any  topology  attack  can  be  made  detectable.  Such 
a  condition,  even  if  it  may  not  be  the  tightest,  provides  insights  into  defense  mechanisms  against  topology  attacks.  We  show 
that  if  a  set  of  meters  satisfying  a  certain  branch  covering  property  are  protected,  then  topology  attacks  can  always  be  detected. 

Finally,  we  consider  the  data  framing  attacks  that  cause  the  misidentification  of  good  data  as  bad.  Specifically,  we  formulate  the 
design  of  optimal  data  framing  attack  as  a  quadratically  constrained  quadratic  program  (QCQP).  To  analyze  the  efficacy  of  the 
data  framing  attack,  we  present  a  sufficient  condition  under  which  the  framing  attack  can  achieve  an  arbitrary  perturbation  of  the 
state  estimate  by  controlling  only  half  of  the  critical  set  of  meters.  The  optimal  design  of  framing  attack  is  based  on  a  linearized 
system.  In  practice,  a  nonlinear  state  estimator  is  often  used.  We  demonstrate  that,  under  the  nonlinear  measurement  model, 
the  framing  attacks  designed  based  on  linearized  system  model  successfully  perturb  the  state  estimate,  and  the  adversary  can 
control  the  degree  of  perturbation  as  desired. 
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